Thought leadership for banking and financial services professionals

Survey shows account takeover fraud on the rise

Posted on May 19th, 2017

A new report has emphasized the need for banks to redouble their efforts when it comes to fighting fraud, after it found the number of account takeovers in the UK saw a major rise over the last 12 months.

The study, by fraud prevention service Cifas, revealed that account takeovers – sometimes called facility takeovers – increased by 45 percent in 2016 compared with the previous year, from 15,497 to 22,525.

Account takeovers, where a fraudster poses as a genuine customer in order to gain access to their account – be it banking, telecoms, emails or retail accounts – are a serious issue for firms, particularly in the financial services sector, where access to a consumer’s finances can be a highly valuable target for fraudsters.

Cifas’ research found that unlike identity fraud, where digital channels are the most prevalent target for criminals (with 88 percent of these attempts taking place online), account takeover fraudsters rely heavily on phone channels.

Just 30 percent of account takeovers take place online, with over half of recorded incidents involving a fraudster getting in touch with a contact center via the phone.

Cifas stated: “The increase in facility takeover, particularly those committed over the phone, is a sign that, as security for customer accounts has increased, criminals target individuals instead and trick them into revealing personal details.”

The report explained that for such attempts to be successful, fraudsters must have already collected a significant amount of customer information beforehand, such as dates of birth, addresses, details of bank or other accounts and passwords.

These can often be gained from data breaches elsewhere, or gathered directly from targets via methods such as phishing or even tracking an individual’s public social media accounts. They can then use this to convince call center staff they are the genuine customer.

If fraudsters come armed with all the information they need to pass companies’ authentication steps, it can be difficult to detect this type of fraud, which is why banks must focus on issues such as user education in order to reduce the risk of customers inadvertently revealing key information.

Cifas said they must also focus on educating their call center staff to be aware of the tactics used by fraudsters and make the most of technology such as biometrics and two-factor authentication.